diff options
| author | Matthew Draper <matthew@trebex.net> | 2014-06-13 23:47:21 +0930 |
|---|---|---|
| committer | Matthew Draper <matthew@trebex.net> | 2014-06-13 23:47:21 +0930 |
| commit | b71d46a81a5798ea4e5ba0f7d41e07f573e6e615 (patch) | |
| tree | c94547f4c1b73307b2bbb080b29e4ed20d2dccdd /actionpack/lib/action_controller | |
| parent | 1c41d3b9827e839c0fc559b95cb07e45970b5ebb (diff) | |
| parent | fdb10597952614456b45460202c0b7c7b8833ecd (diff) | |
| download | rails-b71d46a81a5798ea4e5ba0f7d41e07f573e6e615.tar.gz rails-b71d46a81a5798ea4e5ba0f7d41e07f573e6e615.tar.bz2 rails-b71d46a81a5798ea4e5ba0f7d41e07f573e6e615.zip | |
Merge pull request #15683 from larrylv/fix-token-with-empty-value
Fix parsed token value with header `Authorization token=`.
Diffstat (limited to 'actionpack/lib/action_controller')
| -rw-r--r-- | actionpack/lib/action_controller/metal/http_authentication.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index bad979be2d..5b52c19802 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -449,7 +449,7 @@ module ActionController authorization_request = request.authorization.to_s if authorization_request[TOKEN_REGEX] params = token_params_from authorization_request - [params.shift.last, Hash[params].with_indifferent_access] + [params.shift[1], Hash[params].with_indifferent_access] end end @@ -464,7 +464,7 @@ module ActionController # This removes the `"` characters wrapping the value. def rewrite_param_values(array_params) - array_params.each { |param| param.last.gsub! %r/^"|"$/, '' } + array_params.each { |param| (param[1] || "").gsub! %r/^"|"$/, '' } end # This method takes an authorization body and splits up the key-value |